WHAT IS CLAIMED IS: 



1 . A method for responding to a virus alert, the virus alert containing information 
pertaining to a new virus, the method comprising: 
receiving the virus alert; 

assessing a risk level associated with the new virus, the risk level indicating a risk 
of relatively significant damage caused by an infection of the new virus on a computer 
system; and 

obtaining a program code when the risk level indicates that the new vims may 
pose a significant risk of relatively significant damage on the computer system, the 
program code being configured to substantially combat the new virus. 

1. The method as recited in claim 1 wherein assessing the risk level associated with 
the new virus includes: 

obtaining information associated with at least one previous virus which has 
caused a previous infection on the computer system; and 

comparing the information pertaining to the new virus with the information 
associated with the previous virus which has previously caused the previous infection on 
the computer system. 

3. The method as recited in claim 2 wherein the previous virus and the new virus are 
of a first type, and the information associated with the previous virus which has caused 
the previous infection on the computer system includes data associated with a duration of 
the infection and a scope of the infection, 

4. The method as recited in claim 3 wherein when the previous infection has a 
relatively long duration and a relatively significant scope, the risk level indicates that the 
new virus may pose the significant risk of relatively significant damage on the computer 
system. 



Attorney Docket No . NETAPO 1 6 



25 



Patent 



5. The method as recited in claim 2 wherein the information associated with the 
previous virus which has caused the previous infection on the computer system is stored 
in a profile on a database associated with the computer system. 

6. The method as recited in claim 1 wherein the virus alert is received from an anti- 
virus information source. 

7. The method as recited in claim 6 wherein the virus alert is automatically received 
from the anti-vims information source. 

8. The method as recited in claim 7 wherein receiving the virus alert includes 
acquiring the virus alert from the anti-virus information source. 

9. The method as recited in claim 1 wherein the computer system is a computer 
network, the computer network including a plurality of computing devices. 

10. A computer program product responding to a virus alert, the virus alert being 
arranged to provide information pertaining to a new virus, the computer program product 
comprising: 

computer code for receiving the virus alert; 

computer code for assessing a risk level associated with the new virus, the risk 
level indicating a risk of a significant new infection by the new virus on a computer 
system; 

computer code for obtaining program code when the risk level indicates that the 
new virus may pose a significant risk of the significant new infection on the computer 
system, the program code being configured to substantially combat the new virus; and. 

a computer-readable medium that stores the computer codes. 

11. The computer program product as recited in claim 1 0 wherein the computer code 
for assessing the risk level associated with the new virus includes: 
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computer code for obtaining information associated with at least one previous 
virus which has previously caused an infection on the computer system; and 

computer code for comparing the information pertaining to the new virus with the 
information associated with the previous virus which has previously caused the infection 
on the computer system. 

12. The computer program product as recited in claim 1 1 wherein the previous virus 
and the new virus are of a first type, and the information associated with the previous 
virus which has previously caused the infection on the computer system includes data 
associated with a duration of the infection and a scope of the infection. 

13. The computer program product as recited in claim 10 wherein the computer- 
readable medium is one selected firom the group consisting of a hard disk, a CD-ROM, a 
DVD, a computer disk, a tape drive, a computer memory, and a data signal embodied in a 
carrier wave. 

14. A computer system suitable for responding to a virus alert, the virus alert being 
providing information pertaining to a new virus, the computer system comprising: 

computer code for receiving the virus alert; 

computer code for assessing a risk level associated with the new virus, the risk 
level being arranged to indicate a risk of a relatively significant infection by the new 
virus on the computer system; 

computer code for obtaining code when the risk level indicates that the new virus 
may pose a significant risk of the relatively significant infection on the computer system, 
the code being configured to substantially combat the new virus; 

a computer-readable medium that stores the computer codes; and 

a processor that executes the computer codes. 

15. The computer system as recited in claim 14 wherein the computer code for 
assessing the risk level associated with the new vims includes: 
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computer code for obtaining information associated with at least one previous 
vims which has previously caused an infection on the computer system; and 

computer code for comparing the information pertaining to the new virus with the 
information associated with the previous virus which has previously caused the infection 
on the computer system. 

16. The computer system as recited in claim 15 wherein the previous virus and the 
new virus are of a first type, and the information associated with the previous virus which 
has previously caused the infection on the computer system includes data associated with 
a duration of the infection and a scope of the infection. 

17. A method for predicting the incidence of a virus in a computer system, the 
method comprising: 

obtaining information relating to a new virus; 

obtaining information relating to a plurahty of viruses which have previously 
infected the computer system; and 

comparing the information relating to the new virus to the information relating to 
the plurality of viruses which have previously infected the computer system, wherein 
comparing the information relating to the new virus to the information relating to the 
plurality of viruses which have previously infected the computer system includes 
determining a risk level associated with the new virus based on the information relating 
to the plurality of viruses which have previously infected the computer system, the risk 
level being indicative of a risk posed by the new virus to the computer system. 

18. The method as recited in claim 1 7 wherein comparing the information relating to 
the new virus to the information relating to the plurality of viruses which have previously 
infected the computer system further includes: 

determining a virus type associated with the new virus, the virus type being 
included in the information relating to the new virus; and 
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identifying at least a first previous virus which has previously infected the 
computer system, the first previous virus being included in the plurality of virases which 
have previously infected the computer system, the first previous virus having the virus 
type associated with the new virus. 

5 

19. The method as recited in claim 18 wherein comparing the information relating to 
the new virus to the information relating to the plurality of viruses which have previously 
infected the computer system further includes: 

determining when an infection caused by the first previous virus was prolonged; 

10 and 

determining when the infection caused by the first previous virus was widespread. 

20. The method as recited in claim 19 wherein when it is determined that the infection 
caused by the first previous virus was prolonged and when it is determined that the 

1 5 infection caused by the first previous virus was widespread, the risk level associated with 
the new virus is a high risk level. 

21 . The method as recited in claim 20 wherein when the risk level associated with the 
new vims is a high risk level, the method further includes: 

20 obtaining software configured to protect the computer system against the new 

virus; and 

applying the software within the computer system. 

22. The method as recited in claim 19 wherein when it is determined that the infection 
25 caused by the first previous vims was not prolonged and when it is determined that the 

infection caused by the first previous vims was widespread, the risk level associated with 
the new vims is a medium risk level. 

23. The method as recited in claim 19 wherein when it is determined that the infection 
30 caused by the first previous vims was prolonged and when it is determined that the 
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infection caused by the first previous virus was not widespread, the risk level associated 
with the new virus is a medium risk level. 

24. The method as recited in claim 19 wherein when it is determined that the infection 
caused by the first previous virus was not prolonged and when it is determined that the 
infection caused by the first previous virus was not widespread, the risk level associated 
with the new virus is a low risk level. 

25. The method as recited in claim 17 wherein comparing the information relating to 
the new virus to the information relating to the plurality of viruses which have previously 
infected the computer system further includes: 

determining a virus type associated with the new virus, the virus type being 
included in the information relating to the new virus; and 

determining when at least a first previous virus which has previously infected the 
computer system has the same virus type as the new virus exists, the first previous virus 
being included in the plurality of viruses which have previously infected the computer 
system, wherein when the first previous virus having the same virus type as the new virus 
does not exist, the risk level associated with the new virus is an unknown risk level 

26. The method as recited in claim 17 further including: 

creating characterizations for each virus included in the plurality of viruses which 
have previously infected the computer system; and 

storing the characterizations in a database, wherein obtaining the information 
relating to the plurality of viruses which have previously infected the computer system 
includes obtaining the characterizations from the database. 

27. The method as recited in claim 26 wherein creating the characterizations for each 
vims included in the plurality of viruses which have previously infected the computer 
system includes: 

determining a duration of an infection associated with each virus; and 
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determining whether the infection associated with each virus was widespread. 

28. The method as recited in claim 27 fbrther including: 

creating trends associated with the characterizations, wherein obtaining the 
5 information relating to the plurality of viruses which have previously infected the 
computer system includes obtaining the trends from the database 

29. The method as recited in claim 17 wherein the information relating to the plurality 
of viruses which have previously infected the computer system is stored on a database 

10 that is associated with the computer system. 

30. The method as recited in claim 1 7 wherein the information relating to the new 
virus is obtained from an anti-vims website. 

15 31. The method as recited in claim 1 7 wherein the computer system is a computer 
network, the computer network including at least two networked computing devices. 

32. A computer program product for predicting the incidence of a virus in a computer 
system, the computer program product comprising: 

20 computer code for obtaining information relating to a new virus; 

computer code for obtaining information relating to a plurality of viruses which 
have previously infected the computer system; 

computer code for comparing the information relating to the new virus to the 
information relating to the plurality of viruses which have previously infected the 

25 computer system, wherein the computer code for comparing the information relating to 
the new virus to the information relating to the plurality of viruses which have previously 
infected the computer system includes computer code for determining a risk level 
associated with the new virus based on the information relating to the plurality of viruses 
which have previously infected the computer system, the risk level being indicative of a 

30 risk posed by the new virus to the computer system; and 
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a computer-readable medium that stores the computer codes. 

33. The computer program product as recited in claim 32 wherein the computer code 
for comparing the information relating to the new virus to the information relating to the 
plurality of viruses which have previously infected the computer system further includes: 

computer code for determining a virus type associated with the new virus, the 
virus type being included in the information relating to the new virus; and 

computer code for identifying at least a first previous virus which has previously 
infected the computer system, the first previous virus being included in the plurality of 
viruses which have previously infected the computer system, the first previous virus 
having the virus type associated with the new virus. 

34. The computer program product as recited in claim 33 wherein the computer code 
for comparing the information relating to the new virus to the information relating to the 
plurality of viruses which have previously infected the computer system further includes: 

computer code for determining when an infection caused by the first previous 
virus was prolonged; and 

computer code for determining when the infection caused by the first previous 
virus was vddespread. 

35. The computer program product as recited in claim 34 wherein: 

when it is determined that the infection caused by the first previous virus was 
prolonged and when it is determined that the infection caused by the first previous virus 
was widespread, the risk level associated with the new virus is a high risk level, 

when it is determined that the infection caused by the first previous virus was not 
prolonged and when it is determined that the infection caused by the first previous virus 
was widespread, the risk level associated with the new virus is a medium risk level, 

when it is determined that the infection caused by the first previous virus was 
prolonged and when it is determined that the infection caused by the first previous virus 
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was not widespread, the risk level associated with the new virus is a medium risk level, 
and 

when it is determined that the infection caused by the first previous virus was not 
prolonged and when it is determined that the infection caused by the first previous virus 
was not widespread, the risk level associated with the new virus is a low risk level. 

36. The computer program product as recited in claim 32 wherein the computer code 
for comparing the information relating to the new virus to the information relating to the 
plurality of viruses which have previously infected the computer system further includes: 

computer code for determining a virus type associated with the new virus, the 
vims type being included in the information relating to the new virus; and 

computer code for determining when at least a first previous virus which has 
previously infected the computer system has the same virus type as the new virus exists, 
the first previous virus being included in the plurality of viruses which have previously 
infected the computer system, wherein when the first previous vims having the same 
vims type as the new vims does not exist, the risk level associated with the new vims is 
an unknown risk level. 

37. The computer program product as recited in claim 32 further including: 
computer code for creating characterizations for each vims included in the 

plurality of vimses which have previously infected the computer system; and 

computer code for storing the characterizations in a database, wherein the 
computer code for obtaining the information relating to the plurality of vimses which 
have previously infected the computer system includes computer code for obtaining the 
characterizations firom the database. 

38. The computer program product as recited in claim 37 wherein the computer code 
for creating the characterizations for each vims included in the plurality of vimses which 
have previously infected the computer system includes: 



Attorney Docket No. NETAP016 



33 



PATENT 



computer code for determining a duration of an infection associated with each 
virus; and 

computer code for determining whether the infection associated with each virus 
was widespread. 

5 

39. The computer program product as recited in claim 32 wherein the computer code 
for obtaining the information relating to the current virus includes computer code for 
obtaining the information relating to the new virus from an anti-virus website. 

10 40. The computer program product as recited in claim 39 wherein obtaining the 
information relating to the new vims includes receiving the information from the anti- 
fn virus website. 

41 . The computer program product as recited in claim 32 wherein the computer- 

^J! 15 readable medium is one selected from the group consisting of a hard disk, a CD-ROM, a 

%?,^ 

Ifl DVD, a computer disk, a tape drive, a computer memory, and a data signal embodied in a 

i Hi 

carrier wave. 

r\ 

42, A computer system, the computer system being configured to predict the 
f J 20 incidence of a virus in the computer system, the computer system comprising: 

a database; 

computer code for obtaining information relating to a new virus; 
computer code for obtaining information relating to a plurality of viruses which 
have previously infected the computer system from the database; 
25 computer code for comparing the information relating to the new virus to the 

information relating to the plurality of viruses which have previously infected the 
computer system, wherein the computer code for comparing the information relating to 
the new virus to the information relating to the plurality of viruses which have previously 
infected the computer system includes computer code for determining a risk level 
30 associated with the new virus based on the information relating to the plurahty of viruses 
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which have previously infected the computer system^ the risk level being indicative of a 
risk posed by the new virus to the computer system; 

a computer-readable medium that stores the computer codes; and 

a processor that executes the computer codes. 

5 

43. The computer system as recited in claim 42 wherein the computer code for 
comparing the information relating to the new virus to the information relating to the 
plurality of viruses which have previously infected the computer system further includes: 
computer code for determining a virus type associated with the new virus, the 
1 0 virus type being included in the information relating to the new virus; and 

computer code for identifying at least a first previous virus which has previously 
infected the computer system, the first previous virus being included in the plurality of 
UJ viruses which have previously infected the computer system, the first previous virus 
|T having the virus type associated with the new virus. 

ii 15 

m 44, The computer system as recited in claim 43 wherein comparing the information 

^ relating to the new virus to the information relating to the plurality of viruses which have 

Q previously infected the computer system further includes: 

^!'5 determining when an infection caused by the first previous virus was prolonged; 

m 20 and 

rl determining when the infection caused by the first previous virus was widespread. 

45. The computer system as recited in claim 44 wherein when it is determined that the 
infection caused by the first previous virus was prolonged and when it is determined that 

25 the infection caused by the first previous virus was widespread, the risk level associated 
with the new virus is a high risk level. 

46. The computer system as recited in claim 45 wherein when the risk level 
associated with the new virus is a high risk level, the computer system further includes: 
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computer code for obtaining a driver configured to protect the computer system 
against the new virus; and 

computer code for applying the driver within the computer system, 

5 47. A method for protecting a system against a first virus, the method comprising: 
executing an anti- virus appUcation on the system; and 
executing a virus incidence prediction apphcation on the system, the virus 
incidence prediction apphcation being configured to compare information relating to the 
first virus to information relating to viruses which have previously infected the system to 
10 determine a risk level of infection associated with the first virus, the risk level of 

infection being indicative of a risk posed by the current virus to the system, wherein the 
virus incidence prediction application executes in parallel with the anti- virus apphcation. 

48. The method as recited in claim 47 wherein executing the virus incidence 
1 5 prediction application on the system includes: 

obtaining the information relating to the first virus; 

obtaining the information relating to the viruses which have previously infected 
the system. 

20 49. The method as recited in claim 48 wherein when it is determined that the risk 
level of infection associated with the first virus is higher than a particular risk level, 
executing the virus incidence prediction application on the system further includes: 
obtaining a driver configured to combat the first virus; and 
providing the driver to the anti-virus apphcation, wherein the anti-virus 
25 application is configured to apply the driver to protect the system against the first virus. 

50. The method as recited in claim 48 wherein obtaining the information relating to 
the first virus includes obtaining the information relating to the first virus fi-om a source, 
the source being extemal to the system. 

30 

5 1 . The method as recited in claim 50 wherein the source is an anti-virus website. 
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52. The method as recited in claim 48 wherein obtaining the information relating to 
the viruses which have previously infected the system includes: 

accessing a database associated with the system, the database being configured to 
5 store profiles associated with the viruses which have previously infected the system; and 
obtaining the profiles associated with the viruses which have previously infected 
the system. 

53. The method as recited in claim 52 wherein the profiles associated with the viruses 
1 0 which have previously infected the system include characterizations of a duration of each 

infection associated with the viruses which have previously infected the system and 
characterizations of whether each infection was widespread. 

54. The method as recited in claim 53 wherein executing the virus incidence 
15 prediction application on the system further includes: 

creating the profiles associated with the viruses which have previously infected 
the system. 

55. The method as recited in claim 47 wherein the first virus is not present on the 
20 system. 

56. The method as recited in claim 47 wherein the system is a network, the network 
including a plurality of computer systems. 

25 
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